National Vulnerability Database (NVD) National Vulnerability Database (CVE-2007-0450)

National Cyber Awareness System

Vulnerability Summary for CVE-2007-0450

Original release date:03/16/2007

Last revised:03/08/2011

Source: US-CERT/NIST

Overview

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BUGTRAQ

Name: 20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal

Type: Patch Information

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/462791/100/0/threaded

External Source: XF

Name: tomcat-proxy-directory-traversal(32988)

Hyperlink:http://xforce.iss.net/xforce/xfdb/32988

External Source: VUPEN

Name: ADV-2009-0233

Hyperlink:http://www.vupen.com/english/advisories/2009/0233

External Source: VUPEN

Name: ADV-2008-1979

Hyperlink:http://www.vupen.com/english/advisories/2008/1979/references

External Source: VUPEN

Name: ADV-2008-0065

Hyperlink:http://www.vupen.com/english/advisories/2008/0065

External Source: VUPEN

Name: ADV-2007-3386

Hyperlink:http://www.vupen.com/english/advisories/2007/3386

External Source: VUPEN

Name: ADV-2007-3087

Hyperlink:http://www.vupen.com/english/advisories/2007/3087

External Source: VUPEN

Name: ADV-2007-2732

Hyperlink:http://www.vupen.com/english/advisories/2007/2732

External Source: VUPEN

Name: ADV-2007-0975

Hyperlink:http://www.vupen.com/english/advisories/2007/0975

External Source: BID

Name: 22960

Hyperlink:http://www.securityfocus.com/bid/22960

External Source: BUGTRAQ

Name: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/500412/100/0/threaded

External Source: BUGTRAQ

Name: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/500396/100/0/threaded

External Source: MISC

Name: http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt

Hyperlink:http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt

External Source: MISC

Name: http://www.sec-consult.com/287.html

Hyperlink:http://www.sec-consult.com/287.html

External Source: REDHAT

Name: RHSA-2007:0327

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0327.html

External Source: SUSE

Name: SUSE-SR:2007:005

Hyperlink:http://www.novell.com/linux/security/advisories/2007_5_sr.html

External Source: CONFIRM

Name: http://tomcat.apache.org/security-6.html

Hyperlink:http://tomcat.apache.org/security-6.html

External Source: CONFIRM

Name: http://tomcat.apache.org/security-5.html

Hyperlink:http://tomcat.apache.org/security-5.html

External Source: CONFIRM

Name: http://tomcat.apache.org/security-4.html

Hyperlink:http://tomcat.apache.org/security-4.html

External Source: CONFIRM

Name: http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

Hyperlink:http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

External Source: GENTOO

Name: GLSA-200705-03

Hyperlink:http://security.gentoo.org/glsa/glsa-200705-03.xml

External Source: SECUNIA

Name: 33668

Hyperlink:http://secunia.com/advisories/33668

External Source: SECUNIA

Name: 25280

Hyperlink:http://secunia.com/advisories/25280

External Source: SECUNIA

Name: 25106

Hyperlink:http://secunia.com/advisories/25106

External Source: SECUNIA

Name: 24732

Hyperlink:http://secunia.com/advisories/24732

External Source: OVAL

Name: oval:org.mitre.oval:def:10643

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10643

External Source: HP

Name: SSRT071447

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

External Source: CONFIRM

Name: http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Hyperlink:http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

External Source: BID

Name: 25159

Hyperlink:http://www.securityfocus.com/bid/25159

External Source: BUGTRAQ

Name: 20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/485938/100/0/threaded

External Source: REDHAT

Name: RHSA-2008:0261

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0261.html

External Source: REDHAT

Name: RHSA-2007:0360

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0360.html

External Source: SUSE

Name: SUSE-SR:2007:015

Hyperlink:http://www.novell.com/linux/security/advisories/2007_15_sr.html

External Source: MANDRIVA

Name: MDKSA-2007:241

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

External Source: CONFIRM

Name: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html

Hyperlink:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm

External Source: SUNALERT

Name: 239312

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

External Source: SREASON

Name: 2446

Hyperlink:http://securityreason.com/securityalert/2446

External Source: SECUNIA

Name: 30908

Hyperlink:http://secunia.com/advisories/30908

External Source: SECUNIA

Name: 30899

Hyperlink:http://secunia.com/advisories/30899

External Source: SECUNIA

Name: 28365

Hyperlink:http://secunia.com/advisories/28365

External Source: SECUNIA

Name: 27037

Hyperlink:http://secunia.com/advisories/27037

External Source: SECUNIA

Name: 26660

Hyperlink:http://secunia.com/advisories/26660

External Source: SECUNIA

Name: 26235

Hyperlink:http://secunia.com/advisories/26235

External Source: MLIST

Name: [Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1

Hyperlink:http://lists.vmware.com/pipermail/security-announce/2008/000003.html

External Source: APPLE

Name: APPLE-SA-2007-07-31

Hyperlink:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

External Source: HP

Name: HPSBUX02262

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=306172

Hyperlink:http://docs.info.apple.com/article.html?artnum=306172

References to Check Content

Identifier:oval:org.mitre.oval:def:10643

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10643

Vulnerable software and versions

Configuration 1

* cpe:/a:apache:http_server:::win32

* cpe:/a:apache:tomcat:5.0.19 and previous versions

* cpe:/a:apache:tomcat:5.0.28 and previous versions

* cpe:/a:apache:tomcat:5.5.0 and previous versions

* cpe:/a:apache:tomcat:5.5.1 and previous versions

* cpe:/a:apache:tomcat:5.5.10 and previous versions

* cpe:/a:apache:tomcat:5.5.11 and previous versions

* cpe:/a:apache:tomcat:5.5.12 and previous versions

* cpe:/a:apache:tomcat:5.5.13 and previous versions

* cpe:/a:apache:tomcat:5.5.14 and previous versions

* cpe:/a:apache:tomcat:5.5.15 and previous versions

* cpe:/a:apache:tomcat:5.5.16 and previous versions

* cpe:/a:apache:tomcat:5.5.17 and previous versions

* cpe:/a:apache:tomcat:5.5.18 and previous versions

* cpe:/a:apache:tomcat:5.5.19 and previous versions

* cpe:/a:apache:tomcat:5.5.2 and previous versions

* cpe:/a:apache:tomcat:5.5.20 and previous versions

* cpe:/a:apache:tomcat:5.5.21 and previous versions

* cpe:/a:apache:tomcat:5.5.22 and previous versions

* cpe:/a:apache:tomcat:5.5.3 and previous versions

* cpe:/a:apache:tomcat:5.5.4 and previous versions

* cpe:/a:apache:tomcat:5.5.5 and previous versions

* cpe:/a:apache:tomcat:5.5.6 and previous versions

* cpe:/a:apache:tomcat:5.5.7 and previous versions

* cpe:/a:apache:tomcat:5.5.8 and previous versions

* cpe:/a:apache:tomcat:5.5.9 and previous versions

* cpe:/a:apache:tomcat:6.0.9 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Path Traversal (CWE-22)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450